ISPs, communication firms file legal complaint over UK GCHQ spying

Seven internet service and communications providers worldwide have filed a legal complaint against the UK's spy agency GCHQ in light of the Snowden revelations.

The complaint was filed on Wednesday by US firms RiseUp and May First/People Link, the UK's GreenNet, Netherlands-based Greenhost, Zimbabwe's Mango, Korean firm Jinbonet, Germany's Chaos Computer Club and Privacy International in collective action against GCHQ's intelligence activities.

The organizations say they are calling for an end to GCHQ's "attacking and exploitation of network infrastructure in order to unlawfully gain access to potentially millions of people’s private communications."

After former NSA contractor Edward Snowden leaked confidential documents to the media revealing the surveillance activities of the US government, it was discovered that the UK's nose was far from clean. The GCHQ has come under fire for a number of activities, including using telecom firms to access undersea cables which allow the tapping of communication lines.

The complaint (.PDF) was filed today with the UK's Investigatory Powers Tribunal, an organization that investigates complaints against public bodies.

The claimants assert that GCHQ's "attacks on providers" are not only illegal, but are destructive and undermine the "goodwill organisations rely on." In addition, the claimants say that the government's actions have damaged trust placed in security and privacy.

The claimants draw on a number of examples within their complaint, including the targeting by GCHQ of Belgian telecommunications company Belgacom's employees. It is alleged that GCHQ infected computer systems with malware to gain access to important network infrastructure. In addition, three German internet exchange points are believed to have been targeted through a joint NSA-GCHQ operation, where exchange points were tapped — allowing the government agencies to spy on internet traffic.

GCHQ and the NSA's network exploitation and intrusion capabilities, including covert data injections, also come under fire within the complaint.

While the groups bringing the complaint forward were not specifically named in the documents released by Snowden to the media, they say that GCHQ and the NSA's surveillance activities can be challenged because any internet and communications provider could be at risk, and both the companies themselves and their customers could become targets.

The case filed today follows two other cases filed by Privacy International following the Snowden leaks. The first complaint was lodged due to the mass surveillance programs TEMPORA, PRISM and UPSTREAM, and the second against the use of spyware and malicious software by GCHQ to gain access to computer systems.

Eric King, Deputy Director of Privacy International, said:

These widespread attacks on providers and collectives undermine the trust we all place on the internet and greatly endanger the world’s most powerful tool for democracy and free expression. It completely cripples our confidence in the internet economy and threatens the rights of all those who use it. These unlawful activities, run jointly by GHCQ and the NSA, must come to an end immediately.